RE: Cisco & NTLM (fwd)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Tue, 19 Mar 2002 10:54:51 +1100

Yes. That's what squid 2.5 handles.

The usual caveat about not being able to mix authentication and
interception applies.

Furthermore, when IE is configured with a proxy, for most (not all, but
currently including squid) proxies, it will automagically disable NTLM
for internet sites. There is an I-D describing what IE looks for to
leave this enabled.

Cheers,
Rob

> -----Original Message-----
> From: Lincoln Dale [mailto:ltd@cisco.com]
> Sent: Tuesday, March 19, 2002 10:27 AM
> To: Duane Wessels
> Cc: squid-dev@squid-cache.org
> Subject: Re: Cisco & NTLM (fwd)
>
>
> with Internet Explorer, a cache can use a 407 response with an
> "Proxy-Authenticate: NTLM".
>
> IE will then use the user's credentials for the first (transparent)
> authentication attempt. only if it fails does it pop up a dialog box.
>
>
> cheers,
>
> lincoln.
>
> At 04:31 PM 18/03/2002 -0700, Duane Wessels wrote:
> >any NT gurus want to answer this?
> >
> >
> >---------- Forwarded message ----------
> >Date: Mon, 18 Mar 2002 14:06:41 -0600 (CST)
> >From: William Devine II <william@smartguys.net>
> >Reply-To: isp-caching@isp-caching.com
> >To: isp-caching@isp-caching.com
> >Subject: Re: Cisco & NTLM
> >
> >
> >I'm curious how they do the transparent part when anytime I've ever
> >set up password authentication on squid, it's required me to enter a
> >username & password. What method exists to transparently pass a
> >username & password to squid via a web browser? Does it check to see
> >if the IP# is authenticated on the NT domain or something? I've been
> >trying to come up with a way to transparently authenticate based on
> >whatever username & password the user logged into their NT domain or
> >workgroup as.
> >
> >Thanks!
> >william
> >
> >On Mon, 18 Mar 2002, Doug Lohf wrote:
> >
> > > > Various caching companies support transparent NTLM authentication.
> > > > Most require you to put an "agent" on the PDC or BDC. This is
> > > > generally not a problem. Your concern is that you need a product
> > > > that supports multiple domains. Also, if you are running NTLM
> > > > authentication on internal IIS servers, you will need a product that
> > > > does not "break" the NTLM authentication process.
> > >
> > > Places to look would be:
> > > Network Appliance
> > > Inktomi
> > > CacheFlow
> > > Possibly Cisco with version 4.0.
> > > > If I missed others, please respond. Details would be nice. (No sales
> > > > fluff)
> > >
> > > If these features are supported, it is likely in a very recent
> > > version of code.
> > >
> > > > All of the products support WCCPv2. You may be limited in your
> > > > choice of the version of code on the router.
> > >
> > > It would be nice to hear from the respective companies on their
> > > support for NTLM authentication in multiple domains.
> > >
> > > Doug
> > >
> > >
> > >
> > > > From: "Serge" <serge@cefib.com>
> > > > Reply-To: isp-caching@isp-caching.com
> > > > Date: Mon, 11 Mar 2002 21:03:30 -0000
> > > > To: isp-caching@isp-caching.com
> > > > Subject: Re: Cisco & NTLM
> > > >
> > > > > sorry I misunderstood the question
> > > > I was way off
> > > > forget my last post
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Sheaffer Residence" <illyse@bellsouth.net>
> > > > To: <isp-caching@isp-caching.com>
> > > > Sent: Saturday, March 09, 2002 4:52 AM
> > > > Subject: Cisco & NTLM
> > > >
> > > >
> > > >>
> > > > >> Can someone help me understand something..... I have NT servers
> > > > >> in multiple domains but all trusted to a master domain. I want my
> > > > >> users on their workstations using transparent WCCP v2, to
> > > > >> automatically be caching while having the ability to capture who
> > > > >> the users are w/o them having to "sign on" to another screen. Does
> > > > >> Cisco have this capability? What if anything needs to be on the
> > > > >> PDC/BDCs?
> > > > >>
> > > > >> Am I asking too much?
> > > >>
> > > >>
> > > >>
Received on Mon Mar 18 2002 - 16:54:55 MST
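
The thread describes a proxy answering with 407 and "Proxy-Authenticate: NTLM", after which the browser sends the logged-in user's credentials without a prompt. The following is an added example, not part of the original thread and not Squid's code: it classifies the NTLM messages carried in those headers and reads the domain and user name from the client's final (Type 3) message, which is how a proxy can log who the user is. The function names are hypothetical, the field offsets follow the publicly documented NTLMSSP message layout, and the sample message is constructed.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # strings in the message are UTF-16LE

def _secbuf(msg, pos):
    """Return the bytes a security buffer (length, alloc, offset) points at."""
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm_header(value):
    """Classify the value of a Proxy-Authenticate/Proxy-Authorization header."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    if not token:
        return {"type": 0}  # bare "NTLM": the proxy's initial 407 offer
    msg = base64.b64decode(token.strip(), validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("bad NTLMSSP signature")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if len(msg) < {2: 32, 3: 64}.get(mtype, 12):
        raise ValueError("truncated Type %d message" % mtype)
    info = {"type": mtype}
    if mtype == 2:      # proxy -> client: 8-byte challenge at offset 24
        info["challenge"] = msg[24:32].hex()
    elif mtype == 3:    # client -> proxy: response plus claimed identity
        flags = struct.unpack_from("<I", msg, 60)[0]
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
        # Client-asserted until the response is verified against the domain.
        info["domain"] = _secbuf(msg, 28).decode(enc)
        info["user"] = _secbuf(msg, 36).decode(enc)
    return info

def sample_type3(domain, user):
    """Constructed Type 3 header value with empty responses (demo input only)."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    bufs = [(0, 64), (0, 64), (len(d), 64), (len(u), 64 + len(d)), (0, 64), (0, 64)]
    msg = SIGNATURE + struct.pack("<I", 3)
    for length, offset in bufs:
        msg += struct.pack("<HHI", length, length, offset)
    msg += struct.pack("<I", NEGOTIATE_UNICODE) + d + u
    return "NTLM " + base64.b64encode(msg).decode()

if __name__ == "__main__":
    print(parse_ntlm_header(sample_type3("MASTER", "alice")))
```

The domain and user fields are only what the client claims; they identify the user once the proxy has had the Type 3 response checked against the domain.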
